Nmap Announce mailing list archives

nmap's "-S" option and linux SAV
From: tech_related () ip pt
Date: Sat, 15 Jul 2000 23:57:59 GMT


I've noticed that on my network nmap 2.53, when run with the command

nmap -sS -e ppp0 -S [false IP] [target]

completely bypasses the Source Address Verification built into the linux kernel and activated via

for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
    echo 1 > "$f"
done

in the firewall script I use.

Does the kernel's SAV always prove incapable of blocking nmap's scans using spoofed packets? Or am I missing something?



PS: This must be a typical newbie question, but I really couldn't figure this out all by myself:

nmap -sU -P0 -e ppp0 1-1024

resulted in 

All 1024 scanned ports on are: filtered

but (for example)

nmap -sU -P0 -e ppp0 1

outputs "port 1, state open" (the same happened with all the ports in the 1-1024 range I cared to try).

Does "open" mean the same as "filtered" in this context?
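
An added example, not part of the original post: a check that the rp_filter loop quoted in the message actually took effect on every interface. rp_filter validates the source address of packets arriving on an interface. The function name rp_filter_audit and its optional directory argument are hypothetical, and the max(all, interface) rule is an assumption taken from the kernel's ip-sysctl documentation for current kernels.

```shell
# Added example: audit the rp_filter setting written by the loop in the post.
# rp_filter_audit and its directory argument are hypothetical names.
# Assumption (kernel ip-sysctl documentation, current kernels): the value
# used on an interface is max(conf/all/rp_filter, conf/<iface>/rp_filter);
# 0 = no source validation, 1 = strict, 2 = loose.
rp_filter_audit() {
    confdir=${1:-/proc/sys/net/ipv4/conf}
    all=0
    unprotected=0
    if [ -r "$confdir/all/rp_filter" ]; then
        all=$(cat "$confdir/all/rp_filter")
    fi
    for f in "$confdir"/*/rp_filter; do
        [ -r "$f" ] || continue
        iface=$(basename "$(dirname "$f")")
        # "all" and "default" are templates, not real interfaces
        case $iface in all|default) continue ;; esac
        own=$(cat "$f")
        eff=$own
        [ "$all" -gt "$eff" ] && eff=$all
        case $eff in
            0) mode=off; unprotected=$((unprotected + 1)) ;;
            1) mode=strict ;;
            2) mode=loose ;;
            *) mode=unknown ;;
        esac
        echo "$iface own=$own all=$all effective=$eff ($mode)"
    done
    # Non-zero exit status when any interface has validation off
    [ "$unprotected" -eq 0 ]
}
```

Called with no argument it reads /proc/sys/net/ipv4/conf; the exit status makes it usable as a guard at the end of a firewall script.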
